0 votes

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm

I need to have adaxes log each group removal. I have tried $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage("$group was removed from %username%", "Information") And $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage($group+" was removed from %username%", "Information")
What I get in the log is: image.png What am I doing wrong?

by (1.0k points)

1 Answer

+1 vote
by (272k points)

Hello,

You can use the below updated script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
        $groupName = $group.Get("name")
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("User %fullname% removed from group $groupName", "Information")
}
0

Thank you works perfectly.

Related questions

0 votes
1 answer

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
1 answer

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
0 votes
1 answer

I'm trying to implement the script on https://www.adaxes.com/script-repository/changes-in-group-membership-including-changes-made-by-3rd-party-tools-s289.htm. I added my ... is set to run hourly on Domain Admins, and Exchange Admin "group" objects. Thanks

asked Feb 26 by stevehalvorson (110 points)
0 votes
0 answers

By default, in hybrid environments, when an on-premises AD object is created in Adaxes within the scope of a Microsoft 365 tenant, Adaxes will create the corresponding ... the Display the temporary password in the Execution Log checkbox. Click OK twice.

asked Nov 16, 2022 by Adaxes (550 points)
0 votes
1 answer

Hello, I am wanting to write a script to have Adaxes add/remove all authorized DHCP Servers in the domain to a certain security group weekly. Dynamically adding and removing ... you have a better soulution then PS, then let me know. Thanks in advance!

asked Feb 8 by NewTechSolutions (20 points)
3,346 questions
3,047 answers
7,782 comments
544,994 users